From c36c4e4b12ed10d2fe4c8c0293e036dff8985758 Mon Sep 17 00:00:00 2001
From: Greg Hudson <ghudson@mit.edu>
Date: Tue, 28 Jun 2016 22:10:35 -0400
Subject: Fix unlikely leak in sendto_kdc

If a TCP connection is killed after it allocates the buffer (so is no
longer in READING state), free the buffer during cleanup.

(cherry picked from commit 6895dc9f204520e7f4da8da879cc67c149bc4e6b)

ticket: 8444
version_fixed: 1.13.7
---
 src/lib/krb5/os/sendto_kdc.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/src/lib/krb5/os/sendto_kdc.c b/src/lib/krb5/os/sendto_kdc.c
index 3b3b438..9c54d99 100644
--- a/src/lib/krb5/os/sendto_kdc.c
+++ b/src/lib/krb5/os/sendto_kdc.c
@@ -1512,7 +1512,7 @@ cleanup:
             closesocket(state->fd);
             free_http_tls_data(context, state);
         }
-        if (state->state == READING && state->in.buf != udpbuf)
+        if (state->in.buf != udpbuf)
             free(state->in.buf);
         if (callback_info) {
             callback_info->pfn_cleanup(callback_info->data,
-- 
cgit v1.1